Cybersquatting is when a hacker registers different variations of your domain name with malicious intent. Simple spelling errors or fake links they spread could land your users on phishing pages, clones of your site loaded with malware or cryptominers, payment scams, and more. Palo Alto Networks flagged 13,857 newly registered domains, in December 2019 alone, as having potential cybersquatting intents. Approximately 18% of those were found to host malware and phishing, while another 36% presented overall high-risk to visitors. Cybersquatting can take many forms:
- Misspellings + typos such as gogle.com, aple.com, paupal.com
- Variations on the top-level domain such as paypal.io, paypal.xyz, apple.online
- Combo-names and fake subdomains such as gmail-security.com, apple.user-settings.io
None of those are real but you can start to imagine a single wrong keystroke or a less-than-tech-savvy user getting ending up in trouble (and you losing business).
High-level Solution + Recommendations
There are two great steps you can take right now to reduce the likelihood of cybersquatting in the future:
1) Tell your users to bookmark your site, social profiles, or platforms repeatedly. Get it into their mind that bookmarks are the best and to not trust random links they find online. Bookmarks mean there is no chance they’ll misspell it or get redirected elsewhere.
2) Buy domain variations now. Domains aren’t expensive and having the variations parked and redirected to your main site could save you trouble in the future. If you have a .com, go ahead and just grab the .ca, .io, .org, .net, and more. Depending on how unique your brand name is, these could cost you as little as a few dollars a piece. You can also use typo generators to give you different common typos that might occur for your domain name:
There are 2 steps you can take to remedy cybersquatting issues that might already be a problem for you. You will need to file a trademark on your brand name before you’ll be able to take advantage of these steps below :
1) If your business is in the United States, you can take legal action against any malicious domains under ACPA (Anticybersquatting Consumer Protection Act) to take control of the domain and be awarded damages.
2) If you’re outside the United States (and if you’re inside the US), you can file a complaint under ICANN’s UDRP (Uniform Domain-Name Dispute-Resolution Policy) to seize the domain. ICANN basically control domain names worldwide, so they have the power to shut down domains or transfer them.